Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Compiling plugin-maven files take forever

See original GitHub issue

I am trying to build this project with the single command mvn clean install -P gradle -DSkipTests. However, after the compilation of most modules, compilation get stuck for the plugin-maven module. I have tried building both the current master branch and release 3.1.6 with the same outcome. Below is the console output where the compilation gets stuck (along with an increased fan speed noise of my laptop):

[INFO] ------------< com.sap.research.security.vulas:plugin-maven >------------
[INFO] Building Plugin for Maven 3.1.7-SNAPSHOT                         [14/19]
[INFO] ----------------------------[ maven-plugin ]----------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ plugin-maven ---
[INFO] Deleting /Users/nasifimtiaz/git/vulnerability-assessment-tool/plugin-maven/target
[INFO] 
[INFO] --- versions-maven-plugin:2.7:display-dependency-updates (check-version) @ plugin-maven ---
[INFO] The following dependencies in Dependencies have newer versions:
[INFO]   junit:junit ........................................ 4.12 -> 4.13-rc-2
[INFO]   org.apache.maven:maven-compat ......................... 3.6.1 -> 3.6.3
[INFO]   org.apache.maven:maven-core ........................... 3.6.1 -> 3.6.3
[INFO]   org.apache.maven:maven-plugin-api ..................... 3.6.1 -> 3.6.3
[INFO]   org.codehaus.plexus:plexus-utils ...................... 3.2.1 -> 3.3.0
[INFO] 
[INFO] The following dependencies in pluginManagement of plugins have newer versions:
[INFO]   org.apache.maven.wagon:wagon-file ..................... 3.3.3 -> 3.3.4
[INFO] 
[INFO] The following dependencies in Plugin Dependencies have newer versions:
[INFO]   org.apache.maven.wagon:wagon-file ..................... 3.3.3 -> 3.3.4
[INFO] 
[INFO] 
[INFO] --- versions-maven-plugin:2.7:display-property-updates (check-version) @ plugin-maven ---
[INFO] 
[INFO] This project does not have any properties associated with versions.
[INFO] 
[INFO] 
[INFO] --- buildnumber-maven-plugin:1.4:create (default) @ plugin-maven ---
[INFO] Executing: /bin/sh -c cd '/Users/nasifimtiaz/git/vulnerability-assessment-tool/plugin-maven' && 'git' 'rev-parse' '--verify' 'HEAD'
[INFO] Working directory: /Users/nasifimtiaz/git/vulnerability-assessment-tool/plugin-maven
[INFO] Storing buildNumber: 5d4ee4bedd228f67bd800dc41e7709507646e9d9 at timestamp: 1575849991620
[INFO] Storing buildScmBranch: master
[INFO] 
[INFO] --- jacoco-maven-plugin:0.8.4:prepare-agent (default-prepare-agent) @ plugin-maven ---
[INFO] argLine set to -javaagent:/Users/nasifimtiaz/.m2/repository/org/jacoco/org.jacoco.agent/0.8.4/org.jacoco.agent-0.8.4-runtime.jar=destfile=/Users/nasifimtiaz/git/vulnerability-assessment-tool/plugin-maven/target/jacoco.exec,excludes=**/antlr/Java*.*
[INFO] 
[INFO] --- maven-plugin-plugin:3.5.2:helpmojo (help-goal) @ plugin-maven ---
[WARNING] 

Goal prefix is specified as: 'vulas'. Maven currently expects it to be ''.

[INFO] Using 'UTF-8' encoding to read mojo source files.
[INFO] java-javadoc mojo extractor found 0 mojo descriptor.
[INFO] java-annotations mojo extractor found 0 mojo descriptor.
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ plugin-maven ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ plugin-maven ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 12 source files to /Users/nasifimtiaz/git/vulnerability-assessment-tool/plugin-maven/target/classes

My machine is Mac OS X 10.14.6. I have 8 CPU Cores and 16 GB RAM on my machine. In eclipse, I have set up the heap space to be 8GB (I tried to mvn install from the terminal but faced the same outcome).

What could be the possible reasons behind this and how can I troubleshoot?

[Note that I have also posted this question on Stack Overflow with the vulas tag.]

Issue Analytics

State:
Created 4 years ago
Comments:8 (3 by maintainers)

Top GitHub Comments

1reaction

Naramsimcommented, Dec 9, 2019

Hi @nasifimtiazohi, sure! First of all, you should understand the main three parts of the tool:

frontend: Used to access the results of scans
backend: Used to aggregate the data and fetch known vulnerabilities
client: Used to scan your personal applications

In your case, the client is called plugin-maven if you are scanning an application built with Maven. The backend is a set of APIs which are hosted right now on your localhost:8033/backend, the frontend is instead a simple website that fetches scan results from the APIs and formats those nicely.

The client is already present in your machine since you were able to mvn install the project, so your local .m2 is filled with an archive called plugin-maven. Now you need the backend/frontend. Follow this guide to have them set up, the thing that you have to know is that we don’t offer any service for the public clients, so the clients have to install somewhere the frontend/backend. Once you have the backend/frontend ready you need to load the data about vulnerabilities inside, with this guide.

Once you are there you are ready to start some scans on local applications. Basically you need to add to your application’s pom.xml a section that instructs your plugin-maven about how to connect to the backend APIs. You can follow this guide.

Once you’re done with your scan you should be able to see the results in your workspace in the frontend.

I know this entire procedure is quite long and complicated but it all originates that we are not allowed to offer our service (frontend+backend) to Internet users. So you have to spin up all the backend logic.

1reaction

nasifimtiazohicommented, Dec 9, 2019

I am using JDK11. Let me try with JDK8. Thanks for the reply.

Top Results From Across the Web

Compiling plugin-maven files take forever · Issue #312 - GitHub

I am trying to build this project with the single command mvn clean install -P gradle -DSkipTests. However, after the compilation of most ......

Compiling plugin-maven files take forever for Vulas

I was using JDK11 while the current release of Vuilas (3.1.6) only works with JDK8. Building with JDK8 was successful.

How to Speed up Your Maven Build - JRebel

In the next five sections, I try to explain some of the most common reasons as to why Maven build is taking longer...

POM Reference - Maven

The POM contains all necessary information about a project, as well as configurations of plugins to be used during the build process.

Apache Maven Tutorial - Vogella.com

Build tools performs the compilation, testing, packaging and deployment of the final product. The advantages of performing these steps automatically instead ...